Amazon Linux 2 Security Advisory: ALAS2-2026-3178
Advisory Released Date: 2026-03-06
Advisory Updated Date: 2026-03-06
A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to free the allocated buffer. Repeating this action causes memory to continuously accumulate. Over time, this can exhaust system memory and terminate the xmllint process, creating a denial-of-service condition on the local system. (CVE-2026-1757)
Affected Packages:
libxml2
Note:
This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories.
Issue Correction:
Run yum update libxml2 or yum update --advisory ALAS2-2026-3178 to update your system.
aarch64:
libxml2-2.9.1-6.amzn2.5.24.aarch64
libxml2-devel-2.9.1-6.amzn2.5.24.aarch64
libxml2-static-2.9.1-6.amzn2.5.24.aarch64
libxml2-python-2.9.1-6.amzn2.5.24.aarch64
libxml2-debuginfo-2.9.1-6.amzn2.5.24.aarch64
i686:
libxml2-2.9.1-6.amzn2.5.24.i686
libxml2-devel-2.9.1-6.amzn2.5.24.i686
libxml2-static-2.9.1-6.amzn2.5.24.i686
libxml2-python-2.9.1-6.amzn2.5.24.i686
libxml2-debuginfo-2.9.1-6.amzn2.5.24.i686
src:
libxml2-2.9.1-6.amzn2.5.24.src
x86_64:
libxml2-2.9.1-6.amzn2.5.24.x86_64
libxml2-devel-2.9.1-6.amzn2.5.24.x86_64
libxml2-static-2.9.1-6.amzn2.5.24.x86_64
libxml2-python-2.9.1-6.amzn2.5.24.x86_64
libxml2-debuginfo-2.9.1-6.amzn2.5.24.x86_64